package commonInfrastructure.security;

import entity.AccessRole;
import entity.StaffAccount;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;

@Stateless
public class LoginControlSession implements LoginControlSessionRemote {
    @PersistenceContext
    private EntityManager entityManager;

    @Override
    public String login(String staffAccountName, String password) {
        String strQuery = "SELECT s FROM StaffAccount s WHERE s.staffAccountName = :inStaffAccountName AND s.password = :inPassword";
        Query query = entityManager.createQuery(strQuery);
        staffAccountName = staffAccountName.toLowerCase();
        query.setParameter("inStaffAccountName", staffAccountName);
        password = MD5.MD5(password);
        query.setParameter("inPassword", password);



        if (query.getResultList().size() == 1) {
            //如果用户名和密码是对的
            if (((StaffAccount) query.getResultList().get(0)).isActive()) {
                return USER_LOGIN_SUCCESSFULLY;
            } else {
                return USER_DEACTIVATED;
            }
        } else {
            //如果用户名或密码不对
            strQuery = "SELECT s FROM StaffAccount s WHERE s.staffAccountName = :inStaffAccountName";
            query = entityManager.createQuery(strQuery);
            query.setParameter("inStaffAccountName", staffAccountName);

            //If username exists
            if (query.getResultList().size() == 1) {
                StaffAccount staffAccount = (StaffAccount) query.getResultList().get(0);
                //increase tries by 1
                staffAccount.setTries(staffAccount.getTries() + 1);
                //System.out.println(staffAccount.getTries());
                //If tries excess the maximum count
                if (staffAccount.getTries() > 4) {
                    staffAccount.setActive(false);
                    entityManager.persist(staffAccount);
                    entityManager.flush();
                    return USER_DEACTIVATED;
                }
                //System.out.println(staffAccount.isActive());
                entityManager.persist(staffAccount);
                entityManager.flush();
            }
            return USER_NAME_PASSWORD_ERROR;
        }
    }

    @Override
    public boolean verifyStaffAccess(Long staffAccountID, String access) {
        Set<String> allAccess = new HashSet();
        StaffAccount staffaccount = entityManager.find(StaffAccount.class, staffAccountID);
        Set<AccessRole> roles = staffaccount.getAccessRole();
        for (Object o : roles) {
            AccessRole ar = (AccessRole) o;
            allAccess.addAll(ar.getAccess());
        }

        if (allAccess.contains(access)) {
            return true;
        } else {
            return false;
        }
    }
}
